CVE-2020-4430

Name of the Vulnerable Software and Affected Versions IBM Data Risk Manager versions 2.0.1 through 2.0.4

Description The issue is related to insufficient path validation in the IBM Data Risk Manager application, allowing a remote attacker to traverse directories and download arbitrary files by sending a specially crafted URL request. This could potentially lead to unauthorized access to sensitive data.

Recommendations For versions 2.0.1 through 2.0.4, consider restricting access to the application until a patch is available, and avoid using the vulnerable directory traversal functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.